Linode hackers escape with $70K in daring bitcoin heist

Compromised servers ransacked for digital cash

Common Topics

Updated Popular web host Linode has been hacked by cyber-thieves who made off with a stash of bitcoins worth $71,000 (£44,736) in real money.

The crooks pulled off the heist after obtaining admin passwords for Linode's network gear. Having infiltrated its systems, the thieves proceeded to target several Bitcoin-related servers, stealing $15k (£9.45k) from one merchant and more than 10,000 bitcoins ($56k, £35k) from Bitcoinica, a trading exchange for the digital currency. Bitcoinica has promised to reimburse customers for any losses. It said in a statement:

Many of you have heard that several bitcoin services were victims of a recent Linode security breach today. Unfortunately, Bitcoinica is also among the services affected.

On 2012-03-01 at 6:30 UTC, our "hot wallet" hosted at Linode and containing over 10,000 BTC was emptied. The unauthorized access is consistent with that experienced by other bitcoin services, described by Linode as unauthorized access from Linode's "customer support interface".

Punters should avoid using any bitcoin addresses previously used to fund their Bitcoinica accounts, Bitcoinica advises:

We must assume that the thief has retained private keys associated with old bitcoin deposit addresses. This would allow them to access any new bitcoins sent to old deposit addresses. As of now, our website will only display new deposit addresses which are not affected by this. However any old bitcoin addresses which you may have recorded for convenience should never be used ever again. This is the most important thing.

Linode admitted it had been compromised and issued a statement to say the digital safety deposit boxes of eight customers had been ransacked. It promised to review and improve its security procedures in the wake of the hack:

This morning, an intruder accessed a web-based Linode customer service portal. Suspicious events prompted an immediate investigation and the compromised credentials used by this intruder were then restricted. All activity via the web portal is logged, and an exhaustive audit has provided the following:

All activity by the intruder was limited to a total of eight customers, all of which had references to "bitcoin". The intruder proceeded to compromise those Linode Manager accounts, with the apparent goal of finding and transferring any bitcoins. Those customers affected have been notified. If you have not received a notification then your account is unaffected. Again, only eight accounts were affected.

The portal does not have access to credit card information or Linode Manager user passwords. Only those eight accounts were viewed or manipulated - no other accounts were viewed or accessed.

Security is our number one priority and has been for over eight years. We depend on and value the trust our customers have placed in us. Now, more than ever, we remain committed to ensuring the safety and security of our customers' accounts, and will be reviewing our policies and procedures to prevent this from ever recurring.

Bitcoins are a form of electronic currency that can be exchanged for real cash. The system relies on public-key cryptography and peer-to-peer networking to transfer the coins between users' wallets. Isolated incidents of cyber-crooks using number-crunching botnets to generate bitcoins were detected last year.

Some miscreants appeared to have moved over to stealing bitcoins directly but it's unclear whether the smash-and-grab raid against Linode is a one-off, or the start of a new tactic in cybercrime. ®